diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c44bb95ada20a102c496e65e209c6c2e6d68dbd2..cfd9b5ebf182b7f0cb48a8c4b3d6a17d7f79c4cb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.3.5-golang-1.8-git-2.14-chrome-63.0-node-8.x-yarn-1.2-postgresql-9.6"
+image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.3.6-golang-1.9-git-2.14-chrome-63.0-node-8.x-yarn-1.2-postgresql-9.6"
 
 .dedicated-runner: &dedicated-runner
   retry: 1
diff --git a/.ruby-version b/.ruby-version
index cc6c9a491e0be7fc30975eca1071ed288cc21a03..e75da3e63d60425514e3bd5d5876289e4322c5ae 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.5
+2.3.6
diff --git a/changelogs/unreleased/41268-bump-ruby-to-2-3-6.yml b/changelogs/unreleased/41268-bump-ruby-to-2-3-6.yml
new file mode 100644
index 0000000000000000000000000000000000000000..188a854ebee6e960bc64512663096226cf7663bf
--- /dev/null
+++ b/changelogs/unreleased/41268-bump-ruby-to-2-3-6.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade Ruby to 2.3.6 to include security patches
+merge_request: 16016
+author:
+type: security